System and method for identifying communication session participants based on traffic patterns
First Claim
1. A method for identifying communication devices that serve as endpoints in a communication session, the method comprising:
- monitoring a plurality of traffic flows exchanged over a communication network;
generating a respective compressed-form signature of traffic flow temporal behavior for each of the traffic flows; and
identifying communication devices that participate in a same communication session, by comparing signatures of at least some of the traffic flows exchanged by the communication devices, and matching the signatures between an inbound traffic flow of a first communication device and an outbound traffic flow of a second communication device.
3 Assignments
0 Petitions
Accused Products
Abstract
A monitoring system monitors traffic flows that are exchanged over a communication network. The system characterizes the flows in terms of their temporal traffic features, and uses this characterization to identify communication devices that participate in the same communication session. By identifying the communication devices that serve as endpoints in the same session, the system establishes correlations between the users of these communication devices. The monitoring system characterizes the flows using traffic features such as flow start time, flow end time, inter-burst time and burst size, and/or statistical properties of such features. The system typically generates compressed-form representations (“signatures”) for the traffic flows based on the temporal traffic features, and finds matching flows by finding similarities between signatures.
-
Citations
20 Claims
-
1. A method for identifying communication devices that serve as endpoints in a communication session, the method comprising:
-
monitoring a plurality of traffic flows exchanged over a communication network; generating a respective compressed-form signature of traffic flow temporal behavior for each of the traffic flows; and identifying communication devices that participate in a same communication session, by comparing signatures of at least some of the traffic flows exchanged by the communication devices, and matching the signatures between an inbound traffic flow of a first communication device and an outbound traffic flow of a second communication device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. Apparatus for identifying communication devices that serve as endpoints in a communication session, the apparatus comprising:
-
an interface, which is configured to monitor a plurality of traffic flows exchanged over a communication network; and a processor, which is configured to generate a respective compressed-form signature of traffic flow temporal behavior for each of the traffic flows, and to identify communication devices that participate in a same communication session, by comparing signatures of at least some of the traffic flows exchanged by the communication devices, and matching the signatures between an inbound traffic flow of a first communication device and an outbound traffic flow of a second communication device. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification